Report a Vulnerability

Reporting a Security Vulnerability

Protecting our customers’ data is a responsibility that Anonyome Labs takes seriously. We recognize the valuable role that independent security researchers play in Internet security. As such, we welcome reports of all security vulnerabilities in Anonyome Labs’ products or services.

Responsible Disclosure

We encourage you to follow these responsible disclosure guidelines, and request that you not disclose your finding publicly until a fix or workaround has been provided by Anonyome Labs. Please send your report via email to security@anonyome.com.

Vulnerability Reporting Guidelines

1 Provide sufficient detail on the steps to reproduce the issue, any code samples you wish to share, applicable screen capture or video, sample packet capture and other details that could facilitate our identification and verification of the problem.

2 You can use the PGP key at the bottom of this page to encrypt sensitive information.

3 Do not publicly share information related to the vulnerability until Anonyome Labs has released a fix.

4 Allow a reasonable timeframe for Anonyome Labs to address the vulnerability and release a fix. Specific timeframes will be estimated during our assessment of your report.

Anonyome Labs’ Commitment to You

We will acknowledge your report within 24 hours of when we receive it.

We will work closely with you to understand your report and validate the security vulnerability you are disclosing. We will aim to provide you at least one update per week.

The information you share with Anonyome Labs as part of this process is kept confidential within Anonyome Labs. It will not be shared with third parties without your permission.

We will notify you when the vulnerability has been resolved and a release plan has been determined.

If we cannot validate and reproduce the issue in your report, this will also be communicated to you.

We will publicly acknowledge your responsible disclosure if you wish. We also respect your right to anonymity if you prefer.

If applicable, Anonyome Labs will coordinate public notification of a validated vulnerability with you. When possible, we would prefer that our respective public disclosures be posted simultaneously.

For the protection of our customers, Anonyome Labs does not disclose, discuss, or confirm security issues until a full investigation is complete and any necessary patches or updates are available.